Since its creation in 2019, the Conti ransomware group has terrorized organizations of all sizes across the globe. The cyber gang has conducted more than 1,000 ransomware campaigns, targeting critical infrastructure both in the United States and abroad. Organizations it has targeted include law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities.
The U.S. Department of State says that Conti has successfully attacked more than 400 organizations, with 290 of those in the U.S., earning more than $180 million in 2021 alone.
In an attempt to limit or shutdown Conti's activity entirely, the State Department's Rewards for Justice (RFJ) program is offering up to $10 million for information leading to the identification or location of any person in violation of the Computer Fraud and Abuse Act (CFAA).
Conti ransomware group
If the name Conti isn't ringing any bells, the cyber gang is a ransomware-as-a-service (RaaS) operation linked to the Russian government. It has been known to target critical infrastructure of Western allies, and has recently become involved in the situation in Ukraine.
Conti operators pledged full support to Russia when President Vladimir Putin declared he would be invading Ukraine, saying they would attack any country that attempted to intervene.
However, this did backfire a bit for Conti when one member decided they did not want to support a war. An anonymous Ukrainian security researcher, who had access to Conti's internal systems, leaked 13 months of incredibly sensitive data. The data included Bitcoin addresses, Jabber chat logs, and negotiations between Conti and its ransomware victims. A majority of the data contains internal discussions between members of Conti, including personal details, conflicts, and accusations.
The RFJ program describes Conti's operations:
"Conti operators typically steal victims' files and encrypt the servers and workstations in an effort to force a ransom payment from the victim. The ransom letter instructs victims to contact the actors through an online portal to complete the transaction. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors. Ransom amounts vary widely, with some ransom demands being as high as $25 million."
While the RFJ program has placed bounties on cyber gangs before, it has rarely been able to provide information related to specific individuals. This time, they're letting the world know exactly who they are looking for.
The bounty listing provides the known aliases of five individuals—"Dandis," "Professor," "Rashaev," "Target," and "Tramp"—plus this image of a sixth threat actor:
It is unclear if this individual is one of the five listed above, or another person entirely.
Anyone with information potentially related to Conti or these individuals should contact the Rewards for Justice program immediately.